- Posts: 64
- Thank you received: 0
ARP
- ashok_nitc
- Offline
- Junior Member
Less
More
17 years 7 months ago #21179
by ashok_nitc
Replied by ashok_nitc on topic Re: ARP
i knew that proxy ARP used when they are in different network...not sure just confirm me!!
Proxy ARP is used when a device believe that the destination is on the same subnet because of a wrong netmask!
17 years 7 months ago #21186
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Sorry Kirk didn't make that clear (used wrong words).
What was meant by that line was, if you have a Network Segment, e.g. 10.10.10..0/24 that is using VLAN 2 and the same 10.10.10..0/24 using VLAN 4, then proxy arp would then bridge between the two VLANs.
Is this not the case if no router was involved ?
The reason why i beleive that this is how it works is that in our network at work, i have seen this happen (by a miss configuration on a 3rd Parties server). Basically, we have a layer 3 switch with Inter-Vlan routing configered. VLAN 2 = 10.10.10.0/24 & VLAN 4 = 10.10.11.0/24 for example.
What was configured was, a server 10.10.10.5 had a default gateway set to 10.10.10.5 (misconfigured) however because of the proxy arp, when the server was trying to talk to 10.10.11.10 (on other VLAN) the traffic was spilling onto the 10.10.10.0/24 VLAN and then getting Proxied over to the other VLAN.
The only reason the was spotted (after 4 weeks of troubleshooting) was because we replace the layer 3 switch with a Pix firewall and everything stopped working, when the layer 3 switch was put back in, everything started working again.
(hope it makes sense)
What was meant by that line was, if you have a Network Segment, e.g. 10.10.10..0/24 that is using VLAN 2 and the same 10.10.10..0/24 using VLAN 4, then proxy arp would then bridge between the two VLANs.
Is this not the case if no router was involved ?
The reason why i beleive that this is how it works is that in our network at work, i have seen this happen (by a miss configuration on a 3rd Parties server). Basically, we have a layer 3 switch with Inter-Vlan routing configered. VLAN 2 = 10.10.10.0/24 & VLAN 4 = 10.10.11.0/24 for example.
What was configured was, a server 10.10.10.5 had a default gateway set to 10.10.10.5 (misconfigured) however because of the proxy arp, when the server was trying to talk to 10.10.11.10 (on other VLAN) the traffic was spilling onto the 10.10.10.0/24 VLAN and then getting Proxied over to the other VLAN.
The only reason the was spotted (after 4 weeks of troubleshooting) was because we replace the layer 3 switch with a Pix firewall and everything stopped working, when the layer 3 switch was put back in, everything started working again.
(hope it makes sense)
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
- ashok_nitc
- Offline
- Junior Member
Less
More
- Posts: 64
- Thank you received: 0
17 years 7 months ago #21187
by ashok_nitc
Replied by ashok_nitc on topic Re: ARP
yup!!!
Time to create page: 0.139 seconds